CPU Bugs & Flaws – A Brief History

A problem with a CPU, the “brains” of your computer or other device, can usually be categorized as a bug or a flaw. In this context, a CPU bug is any issue with it that can be fixed or worked around without affecting the rest of the system, while a CPU flaw is a fundamental issue that requires system-wide changes.

Issues like these with CPUs usually happen because of mistakes made during the design or production of the chip.

Depending on the specific CPU bug/flaw, the effects could be anything from poor performance to security vulnerabilities of various severity.

Fixing a CPU flaw or bug involves either reworking how a device’s software works with the CPU, which is usually done through a software update, or replacing the CPU with one that doesn’t have the issue. Whether it’s replaced or worked around via a software update depends on the severity and complexity of the CPU’s problem.

Meltdown & Spectre Flaws
The Meltdown CPU flaw was first revealed to the public by Google Project Zero in 2018, as well as Cyberes Technology and Graz University of Technology. Spectre was disclosed the same year by Rambus, Google Project Zero, and researchers at several universities.

A processor uses what’s called “speculative execution” to guess what it’ll be asked to do next in order to save time. When it does this, it pulls information from RAM, your computer or device’s working memory, to gather details on what’s currently going on and what it needs to do next to perform a specific action based on that new information.

The problem is that when the processor prepares its actions and queues up what it’ll do next, that information might be exposed and “out in the open” for malicious software or websites to take and read as their own.

This means that a virus on your computer or a rogue website could, potentially, access that information from the CPU to see what it gathered from memory, which could be anything that was currently open and being used on the device, including sensitive information like passwords, photos, and payment information.

These CPU flaws affected all sorts of devices running on Intel, AMD, and other processors, and impacted devices like smartphones, desktops, and laptops, as well as online file storage accounts, etc.

Because of how deeply ingrained these flaws are in affected processors, replacing the hardware is the only permanent solution. However, keeping your software and operating system up-to-date can provide an acceptable workaround, reconfiguring how your software accesses the CPU, essentially circumventing the problems.

Here are some core updates that patched Meltdown and Spectre:

Windows 10 was patched with the KB4056892 update, which can be installed manually from this link but is best installed through Windows Update.
The following updates were released for macOS: High Sierra 10.13.2, Security Update 2018-001 for Sierra, and Security Update 2018-001 for El Capitan.
Android devices running at the 2018-01-05 Security Patch Level and later are protected.
Apple iOS devices were patched with iOS 11.2.2 to “mitigate the effects of Spectre” in the Safari web browser.
Firefox browsers updated to at least version 57.0.4 are protected. See How Do I Update Firefox? if you need help.
Safari 11.0.2 was released for macOS Sierra and OS X El Capitan.
Tip: Always make sure you’re applying updates to your operating system and software as they become available! That means not skipping the notifications on your computer or smartphone and doing your best to keep your software programs updated as new versions and updates are released.

Pentium FDIV Bug
This CPU bug was discovered by Lynchburg College’s professor Thomas Nicely in 1994, which he first disclosed in an email.

The Pentium FDIV bug affected Intel Pentium chips only, particularly within an area of the CPU called the “floating point unit,” which is the part of the processor that performs math functions like addition, subtraction, and multiplication, though this bug only affected division operations.

This CPU bug would give wrong results in applications that determine a quotient, like calculators and spreadsheet software. The cause of this error was a programming mistake where certain math lookup tables were omitted, and so any calculations that needed access to those tables were not as accurate as they could have been.

However, it has been estimated that the Pentium FDIV bug would give inaccurate results in only 1 out of every 9 billion floating point calculations, and it would only be seen in really small or really large numbers, often around the 9th or 10th digit.

That said, there was unresolved controversy over how often this bug would really be an issue, with Intel stating that it would only happen to the average user once every 27,000 years, whereas IBM said that it would happen as often as every 24 days.

Various patches were released to work around this bug:

Microsoft released patches for the Windows OS and Microsoft Excel. These files are titled WW1140.EXE and WE1136.EXE, respectively, and can still be downloaded from this Microsoft Software Library Mirror website.
Wolfram released this patch for its Mathematica computation program.
In December of 1994, Intel announced a lifetime replacement policy to replace all processors that were affected by the bug. CPUs shipped out later were no longer affected by this bug, so devices using an Intel processor created after 1994 aren’t affected by this particular floating point unit problem.